Android malware? Google will be watching your every move

Google is to boost security on its Android devices, by continuously checking apps to see that they haven’t mutated into malicious Android malware, monitoring all apps on Android devices for suspicious behavior, according to PC World.

At present, apps have to pass one “exam” on installation to prove that they don’t exhibit malicious behavior, then are considered to be safe. But as various research projects, both on Android and iOS have shown, it’s perfectly possible for an app to change its functions after installation to become Android malware.

Slashgear reports that the new system builds on Google’s existing “Verify apps” function, which scans apps at the point of installation. Slashgear reports that Google’s engineers compare it to alarm systems in the home: the previous system is like a door or window sensor. The ongoing checks for malicious behaviour are more like movement sensors looking for intruders already within the home.

In an official Android blog post, Google wrote, “Building on Verify apps, which already protects people when they’re installing apps outside of Google Play at the time of installation, we’re rolling out a new enhancement which will now continually check devices to make sure that all apps are behaving in a safe manner, even after installation.”

The current system was introduced in 2012, and, as Google explained in a blog post, “once an application is uploaded, the service immediately starts analyzing it for known Android malware, spyware and trojans. It also looks for behaviors that indicate an application might be misbehaving, and compares it against previously analyzed apps to detect possible red flags. We actually run every application on Google’s cloud infrastructure and
simulate how it will run on an Android device to look for hidden, malicious behavior.”

The Next Web described the move as a significant upgrade for Android malware security, saying that the company will now employ the app-scanning technology used for its app store for a “continuous audit” of apps as they run.

Maximum PC reports that Android malware is actually surprisingly rare, according to Google’s statistics. The magazine also points out that the new protection will extend to apps installed before Google’s current system began in 2012.

“Because potentially harmful applications are very rare, most people will never see a warning or any other indication that they have this additional layer of protection. But we do expect a small number of people to see warnings (which look similar to the existing Verify apps warnings) as a result of this new capability,” Google stated in a blog post. “The good news is that very few people have ever encountered this; in fact, we’ve found that fewer than 0.18 percent of installs in the last year occurred after someone received a warning that the app was potentially harmful.”